package org.suwenqian.airoleplayingchatbackend.config;

import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class SaTokenConfigure implements WebMvcConfigurer {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 注册 Sa-Token 的拦截器，定义认证和授权规则
        registry.addInterceptor(new SaInterceptor(handler -> {
                    // 默认规则：所有请求都需要登录认证
                    SaRouter.match("/**") // 匹配所有路径
                            .notMatch("/ai-role-play/auth/login", "/ai-role-play/auth/register", "/ai-role-play/auth/logout") // 排除的路径
                            .check(r -> StpUtil.checkLogin()); // 校验规则：必须登录

                    // 更精细的权限控制示例：访问 /admin/ 开头的路径需要拥有 "admin" 角色
                    // SaRouter.match("/admin/**", r -> StpUtil.checkRole("admin"));
                    // 或者需要某个权限码
                    // SaRouter.match("/user/**", r -> StpUtil.checkPermission("user.query"));
                }))
                .addPathPatterns("/**")
                .excludePathPatterns("/ai-role-play/auth/login", "/ai-role-play/auth/register", "/ai-role-play/auth/logout", "/static/**"); // 这里排除不需要拦截的路径
    }
}

